Board: Armory
Topic: Re: Tool to brute-force offline armory password?
by doug_armory on 01/02/2015, 21:44:28 UTC
> You just completely lost my faith in your software. Wtf is wrong with you people?

With all due respect, there's only so much we can do at any given time. Armory is open source software. Even if we wanted to add some super-duper-secret backdoor that would let us recover coins from wallets at will, somebody would find it, and we'd be strung up by our junk in the virtual town square. We also only have so much time to devote in instances like these. People sometimes come asking for help. We could turn them away. We've decided to offer help if people are willing to accept the parameters. The lowest hanging fruit is the wallet data and the password remnants. The lowest hanging fruit also tends to be the kind that requires the most trust from the end user. It's not ideal, but hey, there are only so many hours in a day, and there are a million other things we need to have finished yesterday.

Yes, I agree that sending a wallet and what one can remember of their password is risky. I'd also like to know what alternatives people have in mind, other than just accepting that their coins might be lost. We offer multiple ways to back up wallets when said wallets are created (or even well after they're created) so that our services aren't required. We also offer a last-gasp alternative if people are willing to get their hands a little dirty one way or another. Someday, maybe we'll have a shiny alternative, like the one goatpig mentioned, that doesn't require cursing at us in public. Until then, this is the way it is. Cursing at us, and then blaming one's behavior on being intoxicated, isn't going to help matters.

At the risk of sounding arrogant, keep in mind that other businesses just plain won't help you if you forget your password. I've seen several companies that had an explicit policy stating that customers who forgot their passwords, or needed some sort of help with debugging (e.g., using Wireshark to decrypt TLS output using a customer's private key), were SOL. This included multinational corporations who had spent millions of dollars on specialized hardware. There are good reasons why even they don't always get the help they want. (There are also good reasons why they should get help. It's a balancing act.)